ES
Uploaded byEric Smalling
PDF, PPTX37 views

Look Ma' - Building Java and Go based container images without Dockerfiles

The document discusses container images, highlighting that they can be built without Dockerfiles using tools like Jib and Ko for Java and Go applications, respectively. It emphasizes best practices for image creation, the benefits of automation and simplicity, and potential downsides including security complacency and knowledge concentration. Resources and links for further learning are also provided.

Embed presentation

Download as PDF, PPTX
NO DOCKERFILES! LOOK MA’… Photo by Chanaka from Pexels 
 https://www.pexels.com/photo/cargo-container-lot-906494/ @ERICSMALLING
LOOK MA’, NO DOCKERFILES! CONTAINER IMAGES 101 ▸ Images are just a collection of tarballs ▸ Base fi lesystem and environment info a container will start from ▸ Can contain metadata: i.e. annotations/labels ▸ Commonly build from Docker fi le syntax ▸ Stored in repositories in registries (DockerHub, GCR, ECR, Quay, Harbor, etc) ▸ Standardized format: OCI Photo by Frans van Heerden 
 https://www.pexels.com/photo/assorted-color-trailer-boxes-2881632/
LOOK MA’, NO DOCKERFILES! IMAGE LAYERS - FROM DOCKERFILE FROM maven:3-jdk-8-slim as build RUN mkdir /app/src WORKDIR /app/src COPY pom.xml pom.xml COPY src src RUN --mount=target=$HOME/.m2,type=cache mvn install FROM tomcat:8.5.21 RUN mkdir /tmp/extracted_files COPY web.xml /usr/local/tomcat/conf/web.xml COPY --from=build /app/src/target/myapp /usr/local/tomcat/webapps/myapp LABEL org.opencontainers.image.source=https://repo.mycorp.com/team-volton/redlion tomcat:8.5.21 /tmp/ extracted_files …/web.xml …/myapp LABEL org.opencontainers.i mage/source
LOOK MA’, NO DOCKERFILES! IMAGE BEST PRACTICES ▸ Minimize Footprint ▸ Layer Housekeeping ▸ Build strategies ▸ Organizational standards Photo by David McBee 
 https://www.pexels.com/photo/tilt-shift-lens-photography-of-red-crane-miniature-392031/
Photo by Yan Krukov from Pexels 
 https://www.pexels.com/photo/photo-of-woman-showing-frustrations-on-her-face-4458420/ I JUST WANT TO 
 BUILD MY APP!
LOOK MA’, NO DOCKERFILES! JIB AND KO https://github.com/GoogleContainerTools/jib ▸ Build OCI images for Java applications without a Docker daemon or Docker fi le. ▸ 100% Java implementation ▸ Plugins for Maven and Gradle ▸ Allows for organizational standards via parent POM inheritance. ▸ Opinionated defaults (can be overridden)
LOOK MA’, NO DOCKERFILES! JIB AND KO https://github.com/google/ko ▸ Build OCI images for Go applications without a Docker daemon or Docker fi le. ▸ ko wraps the go build tool ▸ Effectively slides in place of “go build” ▸ Allows for organizational standards via a .ko.yaml fi le ▸ Opinionated defaults (can be overridden ▸ Kubernetes integration ▸ SBOM creation & SigStore integration
LOOK MA’, NO DOCKERFILES! MAVEN + DOCKER MVN PACKAGE .JAR DOCKER BUILD IMAGE .JAR DOCKER PUSH REGISTRY IMAGE . IMAGE IMAGE IMAGE DOCKER / K8S RUN 
 (IMPLICIT PULL) IMAGE . CONTAINER DOCKERFILE
LOOK MA’, NO DOCKERFILES! MAVEN + DOCKER
LOOK MA’, NO DOCKERFILES! MAVEN + DOCKER
LOOK MA’, NO DOCKERFILES! MAVEN + DOCKER
LOOK MA’, NO DOCKERFILES! MAVEN + DOCKER
LOOK MA’, NO DOCKERFILES! JIB MVN PACKAGE REGISTRY IMAGE . IMAGE IMAGE IMAGE DOCKER / K8S RUN 
 (IMPLICIT PULL) IMAGE . CONTAINER
LOOK MA’, NO DOCKERFILES! JIB
LOOK MA’, NO DOCKERFILES! JIB
LOOK MA’, NO DOCKERFILES! JIB
LOOK MA’, NO DOCKERFILES! GO + DOCKER GO BUILD BIN DOCKER BUILD IMAGE BIN DOCKER PUSH REGISTRY IMAGE . IMAGE IMAGE IMAGE DOCKER / K8S RUN 
 (IMPLICIT PULL) IMAGE . CONTAINER DOCKERFILE
LOOK MA’, NO DOCKERFILES! GO + DOCKER
LOOK MA’, NO DOCKERFILES! GO + DOCKER
LOOK MA’, NO DOCKERFILES! GO + DOCKER
LOOK MA’, NO DOCKERFILES! KO KO BUILD REGISTRY IMAGE . IMAGE IMAGE IMAGE DOCKER / K8S RUN 
 (IMPLICIT PULL) IMAGE . CONTAINER
LOOK MA’, NO DOCKERFILES! KO
LOOK MA’, NO DOCKERFILES! KO
LOOK MA’, NO DOCKERFILES! KO KO BUILD REGISTRY IMAGE . IMAGE IMAGE IMAGE DOCKER / K8S RUN 
 (IMPLICIT PULL) CONTAINER IMAGE . REKOR SBOM
LOOK MA’, NO DOCKERFILES! KO + K8S KO BUILD REGISTRY IMAGE . IMAGE IMAGE IMAGE REKOR SBOM KUBECTL .YAML
LOOK MA’, NO DOCKERFILES! KO + K8S KO APPLY REGISTRY IMAGE . IMAGE IMAGE IMAGE REKOR SBOM .YAML
LOOK MA’, NO DOCKERFILES! KO + K8S
LOOK MA’, NO DOCKERFILES! KO + K8S
PROS & CONS
LOOK MA’, NO DOCKERFILES! PROS ▸ Simplicity ▸ Hides complexity ▸ Developers can focus on their core strengths ▸ Streamlines processes Photo by Erik Geiger from Pexels 
 https://www.pexels.com/photo/close-up-on-engine-start-button-in-car-7085726/
LOOK MA’, NO DOCKERFILES! PROS ▸ Guidance & Governance ▸ Opinionated defaults reviewed by the open source community but overridable as needed ▸ Org / Team speci fi cs can be managed using existing tools (i.e. Parent POM) ▸ Fosters a culture of automation over manual tasks / tribal knowledge Photo by Nextvoyage 
 https://www.pexels.com/photo/brown-asphalt-road-beside-lake-730662/
LOOK MA’, NO DOCKERFILES! PROS ▸ Security ▸ Minimal images limit attack blast radius ▸ Automation produces deterministic results and is auditable ▸ Standardized processes limit human error Photo by Scott Webb 
 https://www.pexels.com/photo/two-gray-bullet-security-cameras-430208/
LOOK MA’, NO DOCKERFILES! CONS ▸ Black Box / Magic ▸ Abstracting away complexity can focus knowledge on a few, specialized people ▸ Lack of ability to troubleshoot container technologies because it’s not understood but the wider team ▸ Burnout of the few that do understand it ▸ Outages if nobody understands it Image by @docker (@laurelcomics ) 
 https://twitter.com/Docker/status/1239256807366934530
LOOK MA’, NO DOCKERFILES! CONS ▸ Security complacency ▸ With image creation “magically” happening, image scanning can get forgotten ▸ Vulnerabilities found in un-updated images, packages, libraries, etc can be missed ▸ Continuous scans via build scripts or other tooling can help. (automate, automate, automate) Image by @docker (@laurelcomics ) 
 https://twitter.com/Docker/status/1239256807366934530
LOOK MA’, NO DOCKERFILES! CONS ▸ Docker fi les are not that dif fi cult ▸ Syntax is pretty simple ▸ Best practices are well documented ▸ Linter’s and scanners exist to catch issues Image by @docker (@laurelcomics )
LOOK MA’, NO DOCKERFILES! RESOURCES ▸ jib: https://github.com/GoogleContainerTools/jib ▸ My blog: https://snyk.io/blog/building-java-container-images-using-jib/ 
 ▸ ko: https://github.com/google/ko ▸ Stanley Nguyen video: https://youtu.be/TpfKCE9uyCA 
 ▸ Docke fi le reference docs: https://docs.docker.com/engine/reference/builder/ 
 ▸ My blog on image annotations/labels: 
 https://snyk.io/blog/how-and-when-to-use-docker-labels-oci-container-annotations/ 
 ▸ Examples used in these slides: https://github.com/ericsmalling/alt-image-builders https://dockr.ly/TortoiseAcres @ERICSMALLING

More Related Content

PDF
Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...
byCodemotion
 
PPTX
Building a production-ready, fully-scalable Docker Swarm using Terraform & Pa...
byOutlyer
 
PPTX
Pp docker-swarm-doxlon-28th-march-2017
byBobby DeVeaux, DevOps Consultant
 
PDF
Agile Brown Bag - Vagrant & Docker: Introduction
byAgile Partner S.A.
 
PDF
codemotion-docker-2014
byCarlo Bonamico
 
ODP
Orchestrating docker containers at scale (PJUG edition)
byMaciej Lasyk
 
PDF
Docker for developers
byandrzejsydor
 
PDF
Work shop - an introduction to the docker ecosystem
byJoão Pedro Harbs
 
Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...
byCodemotion
 
Building a production-ready, fully-scalable Docker Swarm using Terraform & Pa...
byOutlyer
 
Pp docker-swarm-doxlon-28th-march-2017
byBobby DeVeaux, DevOps Consultant
 
Agile Brown Bag - Vagrant & Docker: Introduction
byAgile Partner S.A.
 
codemotion-docker-2014
byCarlo Bonamico
 
Orchestrating docker containers at scale (PJUG edition)
byMaciej Lasyk
 
Docker for developers
byandrzejsydor
 
Work shop - an introduction to the docker ecosystem
byJoão Pedro Harbs
 

Similar to Look Ma' - Building Java and Go based container images without Dockerfiles

PDF
PuppetConf 2016: The Challenges with Container Configuration – David Lutterko...
byPuppet
 
PDF
Best Practices for Developing & Deploying Java Applications with Docker
byEric Smalling
 
PDF
VASCAN - Docker and Security
byMichael Irwin
 
PPTX
Docker and Microservice
bySamuel Chow
 
PPTX
Docker - A curtain raiser to the Container world
byzekeLabs Technologies
 
PPTX
Docker introduction
byGourav Varma
 
PPTX
Docker introduction (1)
byGourav Varma
 
PDF
BelfastJUG, Spring Boot + Docker
byHudson Mendes
 
PDF
Belfast JUG, Spring Boot & Docker
byHudson Mendes
 
PDF
What is this "docker"
byJean-Marc Meessen
 
PDF
Docker for the Brave
byDavid Schmitz
 
PDF
Be a better developer with Docker (revision 3)
byNicola Paolucci
 
PDF
Challenges of container configuration
bylutter
 
PDF
Docker presentasjon java bin
byOlve Hansen
 
PPTX
Docker for developers z java
byandrzejsydor
 
PDF
Tech Talk #2: Docker - From $1 Billion Startup to the Future Industry Standard
byNexus FrontierTech
 
PPTX
Introduction Into Docker Ecosystem
byAlexander Pastukhov, OCPJP, OCPJWSD
 
PPTX
Developer workflow with docker
byWyn B. Van Devanter
 
PDF
DevOps Unleashed: Strategies that Speed Deployments
byForgeRock
 
PPTX
Docker introduction (1)
byGourav Varma
 
PuppetConf 2016: The Challenges with Container Configuration – David Lutterko...
byPuppet
 
Best Practices for Developing & Deploying Java Applications with Docker
byEric Smalling
 
VASCAN - Docker and Security
byMichael Irwin
 
Docker and Microservice
bySamuel Chow
 
Docker - A curtain raiser to the Container world
byzekeLabs Technologies
 
Docker introduction
byGourav Varma
 
Docker introduction (1)
byGourav Varma
 
BelfastJUG, Spring Boot + Docker
byHudson Mendes
 
Belfast JUG, Spring Boot & Docker
byHudson Mendes
 
What is this "docker"
byJean-Marc Meessen
 
Docker for the Brave
byDavid Schmitz
 
Be a better developer with Docker (revision 3)
byNicola Paolucci
 
Challenges of container configuration
bylutter
 
Docker presentasjon java bin
byOlve Hansen
 
Docker for developers z java
byandrzejsydor
 
Tech Talk #2: Docker - From $1 Billion Startup to the Future Industry Standard
byNexus FrontierTech
 
Introduction Into Docker Ecosystem
byAlexander Pastukhov, OCPJP, OCPJWSD
 
Developer workflow with docker
byWyn B. Van Devanter
 
DevOps Unleashed: Strategies that Speed Deployments
byForgeRock
 
Docker introduction (1)
byGourav Varma
 

More from Eric Smalling

PDF
So. many. vulnerabilities. Why are containers such a mess and what to do abou...
byEric Smalling
 
PDF
IBM Index 2018 Conference Workshop: Modernizing Traditional Java App's with D...
byEric Smalling
 
PDF
LFX Nov 16, 2021 - Find vulnerabilities before security knocks on your door
byEric Smalling
 
PDF
KubeCon NA 2022 - Hardening against Kubernetes Hacks.pdf
byEric Smalling
 
PDF
Container Stranger Danger - Why should devs care about container security
byEric Smalling
 
PDF
SCaLE 19x - Eric Smalling - Hardening against Kubernetes Hacks
byEric Smalling
 
PDF
AWS live hack: Atlassian + Snyk OSS on AWS
byEric Smalling
 
PPTX
Simply your Jenkins Projects with Docker Multi-Stage Builds
byEric Smalling
 
PDF
DevSecCon Lightning 2021- Container defaults are a hackers best friend
byEric Smalling
 
PDF
Docker 101 Workshop slides (JavaOne 2017)
byEric Smalling
 
PDF
Why should developers care about container security?
byEric Smalling
 
PDF
KubeHuddle NA 2023 - Why should devs care about container security - Eric Sma...
byEric Smalling
 
PDF
Python Web Conference 2022 - Why should devs care about container security.pdf
byEric Smalling
 
PDF
ATO 2022 - Why should devs care about container security.pdf
byEric Smalling
 
PDF
AWS live hack: Docker + Snyk Container on AWS
byEric Smalling
 
PDF
DockerCon 2022 - From legacy to Kubernetes, securely & quickly
byEric Smalling
 
PDF
Hacking into your containers, and how to stop it!
byEric Smalling
 
PDF
DockerCon 2023 - Live Demo_Hardening Against Kubernetes Hacks.pdf
byEric Smalling
 
PDF
DevOpsDays Chicago 2022 - Hands-on hacking containers and ways to prevent it
byEric Smalling
 
So. many. vulnerabilities. Why are containers such a mess and what to do abou...
byEric Smalling
 
IBM Index 2018 Conference Workshop: Modernizing Traditional Java App's with D...
byEric Smalling
 
LFX Nov 16, 2021 - Find vulnerabilities before security knocks on your door
byEric Smalling
 
KubeCon NA 2022 - Hardening against Kubernetes Hacks.pdf
byEric Smalling
 
Container Stranger Danger - Why should devs care about container security
byEric Smalling
 
SCaLE 19x - Eric Smalling - Hardening against Kubernetes Hacks
byEric Smalling
 
AWS live hack: Atlassian + Snyk OSS on AWS
byEric Smalling
 
Simply your Jenkins Projects with Docker Multi-Stage Builds
byEric Smalling
 
DevSecCon Lightning 2021- Container defaults are a hackers best friend
byEric Smalling
 
Docker 101 Workshop slides (JavaOne 2017)
byEric Smalling
 
Why should developers care about container security?
byEric Smalling
 
KubeHuddle NA 2023 - Why should devs care about container security - Eric Sma...
byEric Smalling
 
Python Web Conference 2022 - Why should devs care about container security.pdf
byEric Smalling
 
ATO 2022 - Why should devs care about container security.pdf
byEric Smalling
 
AWS live hack: Docker + Snyk Container on AWS
byEric Smalling
 
DockerCon 2022 - From legacy to Kubernetes, securely & quickly
byEric Smalling
 
Hacking into your containers, and how to stop it!
byEric Smalling
 
DockerCon 2023 - Live Demo_Hardening Against Kubernetes Hacks.pdf
byEric Smalling
 
DevOpsDays Chicago 2022 - Hands-on hacking containers and ways to prevent it
byEric Smalling
 

Recently uploaded

PDF
How Application Performance Monitoring Tools Are Used in Performance Testing
byhenrycavill30521
 
PDF
Industrial RFID Landscape for 2025 - Readers, Tags, Antennas, Printers, etc
byRich Rogers
 
PDF
The map to conquer linear algebra for IT engineer
byakipii ogaoga
 
PDF
Xemelgo - RFID Industry Predictions for 2026
byRich Rogers
 
PPTX
AN Introduction to UNIX File System—An Approach
bysonjuktaweb
 
PDF
Techbrains Baku 2025 by GoUP - all speaker session
byHusseinMalikMammadli
 
PPT
HDTV and DTV Standards: The United States Opts for a Digital HDTV Standard
byJeffrey Hart
 
PPTX
Cyber Security Overview-breif note .pptx
byxbitindiacom
 
PDF
AI Driven & AI Native Development AI native development
byZainKarim7
 
PPTX
Cybersecurity Basics: Understanding Threats, Protection Methods, and Safe Dig...
byDhruvManiar3
 
PDF
250 Prompts - ChatGPT acting as your Assistant
byMihir Nagarkar
 
PPTX
Large Language Model. LLM Audit Artificial Intelligence
byMANASCHOUDHARY22
 
PDF
Digital Marketing Trends in 2026: AI, Data, Content & Future Growth
byConacent Consulting
 
PPTX
Cesium formate brine - A brief history - prepared by John Downs in May 2011
byJohn Downs
 
PPTX
Document Reconstruction using AI & Deep Learning
bysonjuktaweb
 
PPTX
UNIT III TYPOLOGY OF CRIME AND CRIMINAL BEHAVIOUR (1).pptx
bybloodyhumanoid
 
PPTX
AI Bot Traffic Surge: Retail Fraud Threat for Age-Restricted Websites
byFTx Identity
 
PDF
Groq Series A Investment Memo - Chamath Palihapitiya
byRazin Mustafiz
 
PDF
Regenerative Agriculture Finance : Environmental impact
byrose mason
 
PPT
Information and Communication Technologies and Power
byJeffrey Hart
 
How Application Performance Monitoring Tools Are Used in Performance Testing
byhenrycavill30521
 
Industrial RFID Landscape for 2025 - Readers, Tags, Antennas, Printers, etc
byRich Rogers
 
The map to conquer linear algebra for IT engineer
byakipii ogaoga
 
Xemelgo - RFID Industry Predictions for 2026
byRich Rogers
 
AN Introduction to UNIX File System—An Approach
bysonjuktaweb
 
Techbrains Baku 2025 by GoUP - all speaker session
byHusseinMalikMammadli
 
HDTV and DTV Standards: The United States Opts for a Digital HDTV Standard
byJeffrey Hart
 
Cyber Security Overview-breif note .pptx
byxbitindiacom
 
AI Driven & AI Native Development AI native development
byZainKarim7
 
Cybersecurity Basics: Understanding Threats, Protection Methods, and Safe Dig...
byDhruvManiar3
 
250 Prompts - ChatGPT acting as your Assistant
byMihir Nagarkar
 
Large Language Model. LLM Audit Artificial Intelligence
byMANASCHOUDHARY22
 
Digital Marketing Trends in 2026: AI, Data, Content & Future Growth
byConacent Consulting
 
Cesium formate brine - A brief history - prepared by John Downs in May 2011
byJohn Downs
 
Document Reconstruction using AI & Deep Learning
bysonjuktaweb
 
UNIT III TYPOLOGY OF CRIME AND CRIMINAL BEHAVIOUR (1).pptx
bybloodyhumanoid
 
AI Bot Traffic Surge: Retail Fraud Threat for Age-Restricted Websites
byFTx Identity
 
Groq Series A Investment Memo - Chamath Palihapitiya
byRazin Mustafiz
 
Regenerative Agriculture Finance : Environmental impact
byrose mason
 
Information and Communication Technologies and Power
byJeffrey Hart
 

Look Ma' - Building Java and Go based container images without Dockerfiles

  • 1.
    NO DOCKERFILES! LOOK MA’… Photoby Chanaka from Pexels 
 https://www.pexels.com/photo/cargo-container-lot-906494/ @ERICSMALLING
  • 2.
    LOOK MA’, NODOCKERFILES! CONTAINER IMAGES 101 ▸ Images are just a collection of tarballs ▸ Base fi lesystem and environment info a container will start from ▸ Can contain metadata: i.e. annotations/labels ▸ Commonly build from Docker fi le syntax ▸ Stored in repositories in registries (DockerHub, GCR, ECR, Quay, Harbor, etc) ▸ Standardized format: OCI Photo by Frans van Heerden 
 https://www.pexels.com/photo/assorted-color-trailer-boxes-2881632/
  • 3.
    LOOK MA’, NODOCKERFILES! IMAGE LAYERS - FROM DOCKERFILE FROM maven:3-jdk-8-slim as build RUN mkdir /app/src WORKDIR /app/src COPY pom.xml pom.xml COPY src src RUN --mount=target=$HOME/.m2,type=cache mvn install FROM tomcat:8.5.21 RUN mkdir /tmp/extracted_files COPY web.xml /usr/local/tomcat/conf/web.xml COPY --from=build /app/src/target/myapp /usr/local/tomcat/webapps/myapp LABEL org.opencontainers.image.source=https://repo.mycorp.com/team-volton/redlion tomcat:8.5.21 /tmp/ extracted_files …/web.xml …/myapp LABEL org.opencontainers.i mage/source
  • 4.
    LOOK MA’, NODOCKERFILES! IMAGE BEST PRACTICES ▸ Minimize Footprint ▸ Layer Housekeeping ▸ Build strategies ▸ Organizational standards Photo by David McBee 
 https://www.pexels.com/photo/tilt-shift-lens-photography-of-red-crane-miniature-392031/
  • 5.
    Photo by YanKrukov from Pexels 
 https://www.pexels.com/photo/photo-of-woman-showing-frustrations-on-her-face-4458420/ I JUST WANT TO 
 BUILD MY APP!
  • 6.
    LOOK MA’, NODOCKERFILES! JIB AND KO https://github.com/GoogleContainerTools/jib ▸ Build OCI images for Java applications without a Docker daemon or Docker fi le. ▸ 100% Java implementation ▸ Plugins for Maven and Gradle ▸ Allows for organizational standards via parent POM inheritance. ▸ Opinionated defaults (can be overridden)
  • 7.
    LOOK MA’, NODOCKERFILES! JIB AND KO https://github.com/google/ko ▸ Build OCI images for Go applications without a Docker daemon or Docker fi le. ▸ ko wraps the go build tool ▸ Effectively slides in place of “go build” ▸ Allows for organizational standards via a .ko.yaml fi le ▸ Opinionated defaults (can be overridden ▸ Kubernetes integration ▸ SBOM creation & SigStore integration
  • 8.
    LOOK MA’, NODOCKERFILES! MAVEN + DOCKER MVN PACKAGE .JAR DOCKER BUILD IMAGE .JAR DOCKER PUSH REGISTRY IMAGE . IMAGE IMAGE IMAGE DOCKER / K8S RUN 
 (IMPLICIT PULL) IMAGE . CONTAINER DOCKERFILE
  • 9.
    LOOK MA’, NODOCKERFILES! MAVEN + DOCKER
  • 10.
    LOOK MA’, NODOCKERFILES! MAVEN + DOCKER
  • 11.
    LOOK MA’, NODOCKERFILES! MAVEN + DOCKER
  • 12.
    LOOK MA’, NODOCKERFILES! MAVEN + DOCKER
  • 13.
    LOOK MA’, NODOCKERFILES! JIB MVN PACKAGE REGISTRY IMAGE . IMAGE IMAGE IMAGE DOCKER / K8S RUN 
 (IMPLICIT PULL) IMAGE . CONTAINER
  • 14.
    LOOK MA’, NODOCKERFILES! JIB
  • 15.
    LOOK MA’, NODOCKERFILES! JIB
  • 16.
    LOOK MA’, NODOCKERFILES! JIB
  • 17.
    LOOK MA’, NODOCKERFILES! GO + DOCKER GO BUILD BIN DOCKER BUILD IMAGE BIN DOCKER PUSH REGISTRY IMAGE . IMAGE IMAGE IMAGE DOCKER / K8S RUN 
 (IMPLICIT PULL) IMAGE . CONTAINER DOCKERFILE
  • 18.
    LOOK MA’, NODOCKERFILES! GO + DOCKER
  • 19.
    LOOK MA’, NODOCKERFILES! GO + DOCKER
  • 20.
    LOOK MA’, NODOCKERFILES! GO + DOCKER
  • 21.
    LOOK MA’, NODOCKERFILES! KO KO BUILD REGISTRY IMAGE . IMAGE IMAGE IMAGE DOCKER / K8S RUN 
 (IMPLICIT PULL) IMAGE . CONTAINER
  • 22.
    LOOK MA’, NODOCKERFILES! KO
  • 23.
    LOOK MA’, NODOCKERFILES! KO
  • 24.
    LOOK MA’, NODOCKERFILES! KO KO BUILD REGISTRY IMAGE . IMAGE IMAGE IMAGE DOCKER / K8S RUN 
 (IMPLICIT PULL) CONTAINER IMAGE . REKOR SBOM
  • 25.
    LOOK MA’, NODOCKERFILES! KO + K8S KO BUILD REGISTRY IMAGE . IMAGE IMAGE IMAGE REKOR SBOM KUBECTL .YAML
  • 26.
    LOOK MA’, NODOCKERFILES! KO + K8S KO APPLY REGISTRY IMAGE . IMAGE IMAGE IMAGE REKOR SBOM .YAML
  • 27.
    LOOK MA’, NODOCKERFILES! KO + K8S
  • 28.
    LOOK MA’, NODOCKERFILES! KO + K8S
  • 29.
  • 30.
    LOOK MA’, NODOCKERFILES! PROS ▸ Simplicity ▸ Hides complexity ▸ Developers can focus on their core strengths ▸ Streamlines processes Photo by Erik Geiger from Pexels 
 https://www.pexels.com/photo/close-up-on-engine-start-button-in-car-7085726/
  • 31.
    LOOK MA’, NODOCKERFILES! PROS ▸ Guidance & Governance ▸ Opinionated defaults reviewed by the open source community but overridable as needed ▸ Org / Team speci fi cs can be managed using existing tools (i.e. Parent POM) ▸ Fosters a culture of automation over manual tasks / tribal knowledge Photo by Nextvoyage 
 https://www.pexels.com/photo/brown-asphalt-road-beside-lake-730662/
  • 32.
    LOOK MA’, NODOCKERFILES! PROS ▸ Security ▸ Minimal images limit attack blast radius ▸ Automation produces deterministic results and is auditable ▸ Standardized processes limit human error Photo by Scott Webb 
 https://www.pexels.com/photo/two-gray-bullet-security-cameras-430208/
  • 33.
    LOOK MA’, NODOCKERFILES! CONS ▸ Black Box / Magic ▸ Abstracting away complexity can focus knowledge on a few, specialized people ▸ Lack of ability to troubleshoot container technologies because it’s not understood but the wider team ▸ Burnout of the few that do understand it ▸ Outages if nobody understands it Image by @docker (@laurelcomics ) 
 https://twitter.com/Docker/status/1239256807366934530
  • 34.
    LOOK MA’, NODOCKERFILES! CONS ▸ Security complacency ▸ With image creation “magically” happening, image scanning can get forgotten ▸ Vulnerabilities found in un-updated images, packages, libraries, etc can be missed ▸ Continuous scans via build scripts or other tooling can help. (automate, automate, automate) Image by @docker (@laurelcomics ) 
 https://twitter.com/Docker/status/1239256807366934530
  • 35.
    LOOK MA’, NODOCKERFILES! CONS ▸ Docker fi les are not that dif fi cult ▸ Syntax is pretty simple ▸ Best practices are well documented ▸ Linter’s and scanners exist to catch issues Image by @docker (@laurelcomics )
  • 36.
    LOOK MA’, NODOCKERFILES! RESOURCES ▸ jib: https://github.com/GoogleContainerTools/jib ▸ My blog: https://snyk.io/blog/building-java-container-images-using-jib/ 
 ▸ ko: https://github.com/google/ko ▸ Stanley Nguyen video: https://youtu.be/TpfKCE9uyCA 
 ▸ Docke fi le reference docs: https://docs.docker.com/engine/reference/builder/ 
 ▸ My blog on image annotations/labels: 
 https://snyk.io/blog/how-and-when-to-use-docker-labels-oci-container-annotations/ 
 ▸ Examples used in these slides: https://github.com/ericsmalling/alt-image-builders https://dockr.ly/TortoiseAcres @ERICSMALLING